Cross-compilation of dist/Storable fails #16646
Comments
From philipp@cpan.orgI’m the package maintainer for Perl on OpenWrt. We’re trying to ship 5.28.0 since 5.26.2 and below have the Archive::Tar CVE-2018-12015. Unfortunately, dist/Storable/stacksize is not a cross-compilation friendly script, since it assumes that one is never cross-compiling. Clearly that’s not the case. The bug manifests as: cd dist/Storable ; LD_LIBRARY_PATH=/home/philipp/lede/build_dir/target-x86_64_musl/perl/perl-5.28.0 make lib/Storable/Limit.pm And it’s exactly because we are cross-compiling that we build and use miniperl, as well as setting: usecrosscompile=‘define’ in config.sh. We’ve been calling out this issue for almost a month now, and it’s the sole blocker to updating our distro's migration to 5.28.0 and hence mitigating the CVE. This is urgent. Thanks ======== Platform: Characteristics of this binary (from libperl): |
From @tonycozOn Sun, 29 Jul 2018 21:10:00 -0700, philipp@cpan.org wrote:
Please try the attached. Tony |
From @tonycoz0001-perl-133411-don-t-try-to-load-Storable-with-Dusecros.patchFrom 682a4acb98783a7f9b5c286b308f12863599fec3 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Mon, 30 Jul 2018 21:00:52 +1000
Subject: (perl #133411) don't try to load Storable with -Dusecrosscompile
---
dist/Storable/Makefile.PL | 9 ++++++++-
dist/Storable/stacksize | 10 +++++++---
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/dist/Storable/Makefile.PL b/dist/Storable/Makefile.PL
index a5d9e66891..db420ab30b 100644
--- a/dist/Storable/Makefile.PL
+++ b/dist/Storable/Makefile.PL
@@ -95,11 +95,18 @@ sub depend {
# blib.pm needs arch/lib
$extra_deps = ' Storable.pm';
}
+ my $whichperl;
+ if ($Config::Config{usecrosscompile}) {
+ $whichperl = '$(PERLRUN)';
+ }
+ else {
+ $whichperl = '$(FULLPERLRUNINST)';
+ }
my $linktype = uc($_[0]->{LINKTYPE});
"
$limit_pm : stacksize \$(INST_$linktype)$extra_deps
\$(MKPATH) \$(INST_LIB)
- \$(FULLPERLRUNINST) stacksize $options
+ $whichperl stacksize $options
release : dist
git tag \$(VERSION)
diff --git a/dist/Storable/stacksize b/dist/Storable/stacksize
index 7abd3a84cc..14e0739734 100644
--- a/dist/Storable/stacksize
+++ b/dist/Storable/stacksize
@@ -7,6 +7,9 @@ use Cwd;
use File::Spec;
use strict;
+-d "lib" or mkdir "lib";
+-d "lib/Storable" or mkdir "lib/Storable";
+
my $fn = "lib/Storable/Limit.pm";
my $ptrsize = $Config{ptrsize};
my ($bad1, $bad2) = (65001, 25000);
@@ -29,6 +32,10 @@ sub is_miniperl {
}
if (is_miniperl()) {
+ if ($Config{usecrosscompile}) {
+ write_limits(500, 265);
+ exit;
+ }
die "Should not run during miniperl\n";
}
my $prefix = "";
@@ -68,9 +75,6 @@ if ($ENV{PERL_CORE}) {
}
}
--d "lib" or mkdir "lib";
--d "lib/Storable" or mkdir "lib/Storable";
-
if ($^O eq "MSWin32") {
require Win32;
my ($str, $major, $minor) = Win32::GetOSVersion();
--
2.11.0
|
|
The RT System itself - Status changed from 'new' to 'open' |
From philipp@cpan.org
Seems to be working! Thanks. Had to tweak it slight to get it to work with 5.28.0 and not “blead/master”: |
From @tonycozOn Mon, 30 Jul 2018 16:12:05 -0700, philipp@cpan.org wrote:
Thanks for the feedback, applied to blead as edf639f Tony |
|
@tonycoz - Status changed from 'open' to 'pending release' |
From @khwilliamsonThank you for filing this report. You have helped make Perl better. With the release today of Perl 5.30.0, this and 160 other issues have been Perl 5.30.0 may be downloaded via: If you find that the problem persists, feel free to reopen this ticket. |
|
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#133411 (status was 'resolved')
Searchable as RT133411$
The text was updated successfully, but these errors were encountered: